Re: NSA seeks to build quantum computer that could crack most types of encryption
On 04-01-2014 0:07, Filip M. Nowak wrote:

> “The irony of quantum computing is that if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now,” Lidar said. [1]

There already exist quantum-computing resistant crypto algorithms:
https://en.wikipedia.org/wiki/NTRUEncrypt

Perhaps it's about time to start talking about implementing them in GnuPG?

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Quantum computing
They cheat, they bribe, they lie, they blackmail, they take polygraph tests on each other, but they don't invent. A spoofing organization is no fertile ground for true innovation. The real scientists, not the NSA, are going to make progress in quantum computing. And it is not going to be as cheap as some tens of megabucks. Progress to get it practical will be painfully slow. You IT people can sit back and relax.

Cheers
Michael Anders (a dedicated physicist)

Sent from Samsung Mobile
Re: NSA seeks to build quantum computer that could crack most types of encryption
2014/1/4 Johan Wevers joh...@vulcan.xs4all.nl

> On 04-01-2014 0:07, Filip M. Nowak wrote:
>
>> “The irony of quantum computing is that if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now,” Lidar said. [1]
>
> There already exist quantum-computing resistant crypto algorithms:
> https://en.wikipedia.org/wiki/NTRUEncrypt
>
> Perhaps it's about time to start talking about implementing them in GnuPG?

Maybe we can make better encryption algorithms with quantum computers and they will replace the actual standards.

> --
> ir. J.C.A. Wevers
> PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

--
http://www.nuevaeralatam.com
Linux user number 478378
Linux machine number 2003329
Tec. Esteban Monge Marín
Tel: (506) 8379-3562
“There will be no way for us to develop and get out of poverty as long as the few big businesses in our country are handed over to foreign economies and we are left with only the businesses of the poor, and as long as, instead of being owners of our own country, we turn into an army of employees of foreign interests.” José Figueres Ferrer, 1952.
Re: NSA seeks to build quantum computer that could crack most types of encryption
On 04.01.2014 12:48, Esteban Monge wrote:

> 2014/1/4 Johan Wevers joh...@vulcan.xs4all.nl
>
>> On 04-01-2014 0:07, Filip M. Nowak wrote:
>>
>>> “The irony of quantum computing is that if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now,” Lidar said. [1]
>>
>> There already exist quantum-computing resistant crypto algorithms:
>> https://en.wikipedia.org/wiki/NTRUEncrypt
>>
>> Perhaps it's about time to start talking about implementing them in GnuPG?

By starting with changes in the standard(s) which tools like PGP or GnuPG are implementing. Some other good points were mentioned here: http://secushare.org/PGP

Of course we can negate the need for improvement with statements that are really popular these days, like: “compilers, libcs and OS kernels have so many holes it's not worth caring anyway”. But this is a rather questionable approach, I think.

> Maybe we can make better encryption algorithms with quantum computers and they will replace the actual standards.

You seem to be missing the point:

>>> if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now

Regards,
Filip
Re: NSA seeks to build quantum computer that could crack most types of encryption
On Sat, 4 Jan 2014, Filip M. Nowak wrote:

> if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now

worried? probably not.
concerned? maybe.
planning ahead? probably.

Post-quantum cryptography
http://en.wikipedia.org/wiki/Post-quantum_cryptography

--
...atom

http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-
I tremble for my country when I reflect that God is just.
-- Thomas Jefferson
Re: Quantum computing
Hello, micha137.

You wrote on 4 January 2014, 16:31:44:

m> They cheat, they bribe, they lie, they blackmail, they take polygraph
m> tests on each other but they don't invent.

As far as I know, the NSA is the biggest employer of mathematicians in the world. I don't know about physics and quantum computing, but they CAN invent something that depends on number theory.

--
// Black Lion AKA Lev Serebryakov l...@serebryakov.spb.ru
Re: sign encrypted emails
On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:

> On 01/03/2014 06:56 PM, Leo Gaspard wrote:
>
>> On Fri, Jan 03, 2014 at 12:50:47PM -0500, Daniel Kahn Gillmor wrote:
>>
>>> On 01/03/2014 08:12 AM, Leo Gaspard wrote:
>>>
>>>> So changing the encryption could break an opsec.
>>>
>>> If someone's opsec is based on the question of whether a message was encrypted or not, then they've probably got their cart before their horse too. opsec requirements should indicate whether you encrypt, not the other way around.
>>
>> Well... So, where is the flaw in my example? This example was designed so that, depending on the level of encryption (and so the importance of the safety of the message according to the sender), the message had different meanings.
>
> As you've noticed, the sender cannot verifiably communicate their intent by their choice of encryption key. If the sender wants to communicate their intent in a way that the recipient can verify it, they'll need to sign something.
>
> In your example, the fact that a message was encrypted makes the recipient treat it as though the sender had indicated something specific about the message because it was encrypted. This is bad policy, since there is no indication that the sender encrypted the message themselves, or even knew that the message was encrypted.

Which is exactly the reason for which Hauke proposed to sign the encrypted message in addition to signing the cleartext message, is it not?

Sure, there might be other ways: add a message stating to which key the message is encrypted, etc. But this one has the advantage of requiring AFAICT no alteration to the standard, and of being easily automated, for humans are quite poor at remembering to always state to which key they encrypt.

Anyway, wouldn't you react differently depending on whether a message was encrypted to your offline key or unencrypted?

Cheers,
Leo
Re: NSA seeks to build quantum computer that could crack most types of encryption
On Sat, Jan 4, 2014 at 2:51 PM, Filip M. Nowak gn...@oneiroi.net wrote:

> On 04.01.2014 12:48, Esteban Monge wrote:
>
>> 2014/1/4 Johan Wevers joh...@vulcan.xs4all.nl
>>
>>> On 04-01-2014 0:07, Filip M. Nowak wrote:
>>>
>>>> “The irony of quantum computing is that if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now,” Lidar said. [1]
>>>
>>> There already exist quantum-computing resistant crypto algorithms:
>>> https://en.wikipedia.org/wiki/NTRUEncrypt
>>>
>>> Perhaps it's about time to start talking about implementing them in GnuPG?
>
> By starting with changes in the standard(s) which tools like PGP or GnuPG are implementing. Some other good points were mentioned here: http://secushare.org/PGP
>
> Of course we can negate the need for improvement with statements that are really popular these days, like: “compilers, libcs and OS kernels have so many holes it's not worth caring anyway”.

Well, everything has flaws and limitations. If we did not care about addressing them, we would still be in loincloths living in caves. And, I do not think I look nice in loincloths; they do not match my eye colour.

> But this is a rather questionable approach, I think.
>
>> Maybe we can make better encryption algorithms with quantum computers and they will replace the actual standards.
>
> You seem to be missing the point:
>
>>>> if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now

Also, isn't the point that technology keeps evolving, as in for each new threat there will also be a new defense against that threat?

> Regards,
> Filip
Open Source and Gnupg related
Hello,

I am quite new to this list. I don't understand what you people discuss about, many a time. I too want to participate. So please tell me where to start from.

Regards,
Rajat
Re: sign encrypted emails
On Saturday 04 January 2014 16:09:51 Leo Gaspard wrote:

> On Fri, Jan 03, 2014 at 07:31:29PM -0500, Daniel Kahn Gillmor wrote:
>
>> In your example, the fact that a message was encrypted makes the recipient treat it as though the sender had indicated something specific about the message because it was encrypted. This is bad policy, since there is no indication that the sender encrypted the message themselves, or even knew that the message was encrypted.
>
> Which is exactly the reason for which Hauke proposed to sign the encrypted message in addition to signing the cleartext message, is it not?

Wouldn't one have to encrypt the signed-encrypted-signed message again to prevent an attacker from stripping away the outer signature? What would the recipient then do with the simple signed-encrypted message?

> Sure, there might be other ways: add a message stating to which key the message is encrypted, etc. But this one has the advantage of requiring AFAICT no alteration to the standard, and of being easily automated, for humans are quite poor at remembering to always state to which key they encrypt.
>
> Anyway, wouldn't you react differently depending on whether a message was encrypted to your offline key or unencrypted?

One should certainly not act differently depending on the encryption of a message. Maybe with the one exception of timeliness: If a message is encrypted, you'll probably be ok with me reading the mail when I'm at my home computer. If a message is encrypted to my offline key, you'll be prepared to wait for a month or so (many people have their offline key in a safe deposit box).

Of course this opens the way to subtle timing attacks (delaying reading a message until it is no longer relevant), but these subtle attacks can be done using simpler means (holding the message in transit).

Cheers,
Johannes
keysigning: lsign and offline master key
Hi,

I have an offline master key with C/S capabilities and two subkeys (E, S).

When (publicly) signing keys, usually I load my air gapped system with the master key, sign each individual UID of the key to sign, and export the signatures. Then I send the signatures encrypted to the UID.

How would the procedure look for an lsign?

- load system with master key
- lsign the key/UIDs
- ...here I'm stuck, because (as I understand the lsign) I cannot export the signature...

Is this right? How can I lsign a key and transfer the local signature from my air gapped system? Maybe by copying the keyring files between the systems?

Thanks in advance,

--
nb.linux
Re: keysigning: lsign and offline master key
On 01/04/2014 04:41 PM, nb.linux wrote:

> - ...here I'm stuck, because (as I understand the lsign) I cannot export the signature...
>
> Is this right? How can I lsign a key and transfer the local signature from my air gapped system? Maybe by copying the keyring files between the systems?

You have at least two approaches available to you:

0) --export-options export-local on your air-gapped system, combined with --import-options import-local on your regular system.

1) create a secret key that lives only on your regular system; give it ultimate ownertrust, but never publish it. Use it to make non-exportable signatures.

Would either of these workflows meet your goals?

--dkg
Re: keysigning: lsign and offline master key
On Sat 04.01.2014, 21:41:32, nb.linux wrote:

> How can I lsign a key and transfer the local signature from my air gapped system?

--export-options export-local-sigs

Not necessary for import if the importing system knows the signing key as secret key (no matter whether the mainkey is available or not).

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
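As an added example (not code from the thread), the following POSIX shell script walks dkg's option pair, using the full option names Hauke gives, from an lsign on the air-gapped keyring to the local signature being visible on the regular keyring. Both systems are simulated with two temporary GNUPGHOME directories; the key names, addresses and directories are constructed for the demo, and it assumes GnuPG 2.1 or later (for --quick-generate-key and --quick-lsign-key).

```shell
#!/bin/sh
# Added example (not from the thread): move a non-exportable (lsign) certification
# from an air-gapped keyring to a working keyring with the option pair
# --export-options export-local-sigs / --import-options import-local-sigs.
# Both "systems" are simulated by two temporary GNUPGHOME directories; the key
# names and addresses are constructed for the demo. Assumes GnuPG >= 2.1.
set -eu

# gpg_in HOME ARGS...: run gpg non-interactively inside the given GNUPGHOME
# (the demo keys are unprotected, so an empty loopback passphrase suffices).
gpg_in() {
    _home=$1; shift
    GNUPGHOME="$_home" gpg --batch --yes --quiet --no-tty \
        --pinentry-mode loopback --passphrase '' "$@"
}

# count_local_sigs HOME FPR: number of local-only certifications on the key.
# In --with-colons output, field 11 of a "sig" record ends in "l" for a
# local (non-exportable) signature and in "x" for an exportable one.
count_local_sigs() {
    gpg_in "$1" --with-colons --list-sigs "$2" \
        | awk -F: '$1 == "sig" && $11 ~ /l$/' | wc -l | tr -d ' '
}

# demo_lsign_transfer: returns 0 when the lsign made on the air-gapped keyring
# shows up on the working keyring after export/import, non-zero otherwise.
demo_lsign_transfer() {
    airgap=$(mktemp -d /tmp/ag.XXXXXX); work=$(mktemp -d /tmp/wk.XXXXXX)
    chmod 700 "$airgap" "$work"
    # The certifying secret key exists only on the air-gapped keyring, so the
    # working side really needs import-local-sigs (Hauke's caveat).
    gpg_in "$airgap" --quick-generate-key \
        'Certifier (demo) <certifier@example.invalid>' default default never
    # The key to be certified lives on the working keyring; copy its public part over.
    gpg_in "$work" --quick-generate-key \
        'Alice (demo) <alice@example.invalid>' default default never
    alice=$(gpg_in "$work" --with-colons --list-keys alice@example.invalid \
        | awk -F: '$1 == "fpr" { print $10; exit }')
    gpg_in "$work" --export "$alice" | gpg_in "$airgap" --import
    # Local (non-exportable) certification: the poster's lsign step.
    gpg_in "$airgap" --quick-lsign-key "$alice"
    # A plain --export would drop the local signature; this pair carries it across.
    gpg_in "$airgap" --export-options export-local-sigs --export "$alice" \
        | gpg_in "$work" --import-options import-local-sigs --import
    n=$(count_local_sigs "$work" "$alice")
    # Clean up the agents and the temporary keyrings.
    GNUPGHOME="$airgap" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$work" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$airgap" "$work"
    [ "$n" -ge 1 ]
}

# Run the demonstration when invoked as: sh this_script.sh --run
if [ "${1:-}" = "--run" ]; then
    demo_lsign_transfer && echo "local signature transferred to the working keyring"
fi
```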
Re: sign encrypted emails
On Sat 04.01.2014, 22:28:26, Johannes Zarl wrote:

> Wouldn't one have to encrypt the signed-encrypted-signed message again to prevent an attacker from stripping away the outer signature? What would the recipient then do with the simple signed-encrypted message?

That would be possible for an attacker but not make any sense: If the recipient expects the outer signature (only then is this feature a protection, like signing is a protection only if the recipient acts differently on signed vs. non-signed messages) then the attacker is discovered without any advantage.

There is another reason for creating this fourth layer: Some people want to hide the metadata (who made the signature).

> One should certainly not act differently depending on the encryption of a message.

You are aware that it doesn't make any sense to make this claim without any argument after the opposite has been claimed with an argument (a very strong one)?

Hauke

--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
Re: USB key form-factor smart-card readers with pinpads?
On 05/01/2014, Sam Kuper sam.ku...@uclmail.net wrote:

> In group 2 above, the smallest reader I have found online which offers secure PIN entry is the ACR83.

Hm, I've now found several mailing list and forum discussions, etc., that indicate the ACR83 is not compatible with OpenPGP cards. That's a pity, as its stated dimensions suggest it's about a tenth the physical volume of the next smallest smart card reader with PIN pad (at least, of those that I've found online so far): the Identive SPR332 or SPR532.

If anyone knows differently and is sure that the ACR83 has been made to work with the OpenPGP cards, please say so. If not, then we might as well ignore it for the rest of this thread.

Thanks again,

Sam
USB key form-factor smart-card readers with pinpads?
Dear GnuPG users,

I am new to this list, so please be gentle.

At some point in the coming months, I may try to obtain an OpenPGP smart card and reader. At the moment, such combinations, whether separable or combined into a single device, seem to be available in two form factors, neither of which is ideal:

1. USB-key sized devices, e.g.: Crypto Stick; Yubikey NEO; conventional USB stick-sized readers (e.g. Omnikey 6121) + ID-000 (SIM) sized OpenPGP card.

2. Full-size (ID-1) card + reader.

In group 1 above, none of the devices I have found online offer secure PIN entry.

In group 2 above, the smallest reader I have found online which offers secure PIN entry is the ACR83.

My question to you is: does anyone manufacture a smart card reader compatible with the OpenPGP card (or containing an implementation of one) that offers secure PIN entry AND is (nearly) as compact as the CryptoStick, NEO, etc? Bonus points if it is also waterproof, tamper-evident, etc.

(I am imagining that such a device would physically resemble a datAshur[1], LOK-IT[2], Flash Padlock 2[3] or similar, but perhaps with an ID-000 card slot inside. If such a device doesn't yet exist, then given the success of the CryptoStick and Yubikey NEO, I suspect there would be a market for such a device; perhaps crowd-funded via Indiegogo, Kickstarter, etc.)

Many thanks in advance for your assistance,

Sam

[1] http://www.istorage-uk.com/datashur.php
[2] http://www.lok-it.net/
[3] http://www.corsair.com/en/usb-drive/flash-padlock-2-usb-drive.html